https://bugs.kde.org/show_bug.cgi?id=381326

--- Comment #10 from John Reiser <jrei...@bitwagon.com> ---
(In reply to John Reiser from comment #8)

> The underlying principle is that it can be useful to view "a bit is
> initialized" as equivalent to "the cardinality of the set of possible values
> is 1, not 2."

Expanding: if int 'a' is initialized and int 'x' is not, then consider the
code:
    /* memcheck should complain about the comparison because x is uninit */
    if (x == a) {
        /* Now x is known to have only 1 value (namely, the value of 'a'),
         * so 'x' has become initialized.  So memcheck should no longer complain
         * about 'x' in this True branch of the 'if'.
         */
        g(x);  /* arbitrary code that does not change 'x' */
    }
    else {
        x = 42;  /* Initialize 'x' */
    }
    /* Here the fan-out of if-else has re-converged, and 'x' is known to be
     * initialized at the end of all (both) branches, so 'x' has become
     * initialized.
     */
so the initialization status of 'x' has been changed by a Read-and-Compare (to
an initialized value, with result Equal), and not by a Write.  The converging
of all branches to the same point, with 'x' initialized at the end of each
branch, "solidifies" the initialization going forward.  Even more fortuitously,
the detailed analysis is necessary only in the unlikely case when there are
some Uninit bits, so can be done by a closed subroutine in the infrequent
branch.

In the extreme case where the bit width of 'x' is 1, then comparing to any
initialized bit makes 'x' initialized, even without the balancing branch.  If
the result of the comparison is Equal then by the same reasoning as before, and
if NotEqual then that means Equal to the complement *bit*, whose set of all
possible values also has cardinality 1.

> It also applies to <, <=, >=, > when there are enough Valid bits that are
> contiguous with the MostSignificantBit, and the operands satisfy the
> relation when restricted to those contiguous bits.

The case of <= and >= is only for the '<' or '>' result implying non-equality
(unless the whole words are valid.)
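The rules sketched in this comment, written out as a small shadow-value model (an added illustration, not code from the bug report or from Valgrind): each value carries a V-bit mask, an Equal comparison against a defined value transfers definedness, a 1-bit value is defined by any comparison, re-convergence keeps only bits defined on every path, and ordered comparisons are decided by the V bits contiguous with the MSB. The `Shadow` type, the 8-bit default width and the helper names are assumptions of this model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Shadow:  # a value plus its V-bit mask; a set bit in `defined` => initialized
    value: int
    defined: int
    width: int = 8  # assumed toy width; the comment's 'int' is wider

    def fully_defined(self):
        return self.defined == (1 << self.width) - 1

def branch_on_equal(x, a):
    """Model `if (x == a)`: returns (complains, x_in_true, x_in_false)."""
    complains = not (x.fully_defined() and a.fully_defined())
    # True branch: x's possible values collapse to {a}, so x inherits a's V bits.
    x_true = Shadow(a.value, x.defined | a.defined, x.width)
    # False branch learns nothing, except at width 1, where NotEqual means
    # x == ~a: again a set of cardinality 1.
    if x.width == 1:
        return complains, x_true, Shadow(~a.value & 1, x.defined | a.defined, 1)
    return complains, x_true, x

def write_const(x, v):
    """Model `x = v;` with a constant: every bit becomes defined."""
    m = (1 << x.width) - 1
    return Shadow(v & m, m, x.width)

def merge(*paths):
    """Re-convergence point: a bit is defined only if defined on every path."""
    d = (1 << paths[0].width) - 1
    for p in paths:
        d &= p.defined
    return Shadow(paths[0].value, d, paths[0].width)

def ordered_compare(x, a, op):
    """Model x<a, x<=a, x>a, x>=a as (decided, result): decided when the V bits
    contiguous with the MSB in both operands fix the answer (<= and >= only via
    strict order of that prefix, unless the whole words are valid)."""
    w, both, n = x.width, x.defined & a.defined, 0
    while n < w and (both >> (w - 1 - n)) & 1:
        n += 1
    xt, at = x.value >> (w - n), a.value >> (w - n)
    if n == w or xt != at:
        return True, {"<": xt < at, "<=": xt <= at, ">": xt > at, ">=": xt >= at}[op]
    return False, None

def comment_example():  # the if/else above: 'a' defined, 'x' untouched garbage
    a, x = Shadow(7, 0xFF), Shadow(0, 0x00)
    complains, x_t, x_f = branch_on_equal(x, a)
    x_after = merge(x_t, write_const(x_f, 42))
    return complains, x_t.fully_defined(), x_after.fully_defined()
```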
